How to set Windows Event Viewer to automatically send email based on a logged event?

Hi all,

How can we set the Event Viewer in Windows Server 2008 R2 and 2012 R2 to send out email based on the logged event?

I'd like to use it for account lockout troubleshooting and some other monitoring purposes.

Thanks
Senior IT System Engineer, IT Professional, Asked:
 
VB ITS, Specialist Consultant, Commented:
 
Cliff Galiher Commented:
You'll want to look at a 3rd party application to do this. 2008 R2 had a basic trigger, but is cumbersome to configure and adjust and has been deprecated in newer OSes. You could theoretically have a trigger fire off a script that has SMTP baked in, but again, you are now talking about a bunch of triggers and manually modifying scripts... not very scalable. There are enough event monitoring solutions that have databases of known event IDs, some relatively inexpensive, that you'll quickly get a return on investment from labor costs alone, regardless of OS.
 
Sandeep, Sr System Administrator, Commented:
You can make use of Log Parser to scan the logs and pull out selected event logs, which can be stored in a text file. The same can be sent with mail-sending exe files and some VBScripts. On our servers we had installed this successfully and we used to get emails without any issues.
 
Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
I strongly suggest you look at Splunk, as it has advanced capabilities as well as a very user-friendly interface for monitoring and alerting.

http://www.splunk.com
 
Senior IT System Engineer, IT Professional, Author Commented:
OK, so in this case it is possible in Win2008R2 but somehow not for Server 2012 and newer?
 
Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
It does work for 2012 or newer also; however, it is very limited in features, and that is why it would be better to use a third-party tool such as Splunk. Splunk also has a light forwarder that can also send data to a syslog server; however, Splunk uses TCP, which makes it reliable, and you will not lose any events.
 
Senior IT System Engineer, IT Professional, Author Commented:
OK, so in order to use Splunk, both types of Windows Server event viewer must be configured in Forwarded Events to the Splunk system?

Can it work on the free version of Splunk?
 
Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
The free version of Splunk can index up to 500 MB per day and it will work fine.
 
Senior IT System Engineer, IT Professional, Author Commented:
Thanks for the input and suggestions, guys!
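
As an added example, not part of the original thread: a PowerShell script of the kind Cliff Galiher's comment describes (a task trigger firing a script that sends mail over SMTP), applied to the asker's account-lockout case. Event ID 4740 (the Security-log account lockout event), the SMTP host, mail addresses, task name and file paths are assumptions, not values given in the thread.

```powershell
# Added example, not from the thread. SMTP host, addresses, task name and
# file paths are placeholders; event ID 4740 (account locked out) is assumed.
#
# Register once from an elevated prompt (as a single line) so the task fires
# whenever the event is logged:
#   schtasks /Create /TN "LockoutAlert" /RU SYSTEM /SC ONEVENT /EC Security
#     /MO "*[System[(EventID=4740)]]"
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Send-LockoutAlert.ps1"

$SmtpServer      = 'smtp.example.com'             # placeholder
$From            = 'eventlog-alerts@example.com'  # placeholder
$To              = 'it-team@example.com'          # placeholder
$LookbackMinutes = 5
$FailureLog      = Join-Path $env:ProgramData 'LockoutAlert-errors.log'

# Render one event record as text: when, which machine logged it, and every
# named EventData field exactly as recorded (no field is interpreted here).
function Format-LockoutRecord {
    param($Record)
    $xml = [xml]$Record.ToXml()
    $fields = foreach ($d in $xml.Event.EventData.Data) {
        '  {0} = {1}' -f $d.Name, $d.'#text'
    }
    $header = 'Time: {0}   Logged on: {1}' -f $Record.TimeCreated, $Record.MachineName
    ($header, ($fields -join "`r`n")) -join "`r`n"
}

# Collect the lockout events written in the lookback window. Get-WinEvent
# raises an error when nothing matches, so treat that as "nothing to send".
$filter  = @{ LogName = 'Security'; Id = 4740
              StartTime = (Get-Date).AddMinutes(-$LookbackMinutes) }
$records = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($records.Count -eq 0) { return }

$body    = ($records | ForEach-Object { Format-LockoutRecord $_ }) -join "`r`n`r`n"
$subject = '[{0}] {1} account lockout event(s) in the last {2} min' -f `
           $env:COMPUTERNAME, $records.Count, $LookbackMinutes

try {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject $subject -Body $body -ErrorAction Stop
} catch {
    # A silent mail failure defeats the alert, so leave a local trace.
    Add-Content -Path $FailureLog -Value ('{0}  {1}' -f (Get-Date), $_.Exception.Message)
}
```

Because each run mails everything in the lookback window, several lockouts within five minutes will repeat earlier events in later messages; shorten the window or track the last-sent record if that is a problem.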